Get the latest news about SolarWinds Security Event Manager (SEM)
I have some Windows agents that have the LEM appliance IP ending in .85 and I need the agent to point to .185 instead. I thought rerunning the remote installer on the list of hosts would fix this, but it isn't. Are there any command-line flags I can pass the installer to make it update the LEM appliance IP the agent is…
Hi, please let me know how we can detect attacks from a Cisco ASA firewall using LEM. I have read about various ASA SIDs being logged as syslog messages by the Cisco firewall, upon which Cisco recommends some action. What is the best practice to be utilized to detect attacks/intrusions from a Cisco ASA firewall using LEM?
I am running the Logon Failures by User report and want to look at outside business hours, previous day 6pm to current day 6am. I can manually run the report, but I need it to run on a daily schedule. When I attempt to schedule it using user-defined start and end times, it just runs the same day range each day (10/1/2016 6pm…
Hi, we are about to purchase SolarWinds but need to work out licensing costs first. We have 10 hosts running Docker; there are 50 containers running across the hosts. If we wanted to log data for all containers, how many LEM licenses would this use: 10, 50 or 60? Thanks, Phil
I've run into an issue with the Sysmon connector on machines running Sysmon v8. The network connect events are no longer properly formatted and information is lost. Below is a screenshot of two events, one from a machine running v8 and one running v7.2. Sysmon v8 added a field called Rule Name to the output, so perhaps…
Hi, I am currently facing some problems in establishing correlation rules. To make correlation rules we must understand the behavior of the attack, as per my knowledge. LEM has built-in correlation rules like worm detection, but I want to make correlation rules customized to my environment. Please let me know what the…
In creating a user-defined group which is then used as part of a rule, I need to define a subnet or range of IPs. How can that be done other than by using an asterisk? For example, to specify the IPs 10.10.10.0-63 or 10.10.10.0/26.
We are pushing our LEM agent to all PCs on our network. While the LEM agent install package works great, we want to ensure that we don't miss any computers on our domain. A co-worker helped me create the attached batch script, which we are running on the computer side of our group policy. This checks to…
Hello Team... I was wondering, in terms of "Best Practice" tracking for PCI, NIST, and security logging, is there such a thing as "Best Practice"? In other words, when I look at the different sections for Security, PCI, etc., I often see the same or similar templates for use. Currently, the environment we are using has all…
Hello, what would be the best way to go about switching off communication with a malicious/compromised/blocked IP that is fed from a Threat Intelligence Feed or manually inserted into a UDG from Emerging Threats rulesets at Index of /blockrules? I tried to correlate a WebTrafficAudit event (OR) Network Audit event group with…